Filtering intrusion detection alarms

Cited by: 12
Authors
Mansour, Nashat [1 ]
Chehab, Maya I. [1 ]
Faour, Ahmad [2 ]
Affiliations
[1] Lebanese Amer Univ, Dept Comp Sci & Math, Beirut, Lebanon
[2] Lebanese Univ, Beirut, Lebanon
Source
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS | 2010 / Volume 13 / Issue 01
Keywords
Alarm filtering; Computer security; Growing hierarchical self-organizing map; Intrusion detection; Self-organizing map;
DOI
10.1007/s10586-009-0096-9
CLC number
TP [Automation technology, computer technology];
Subject classification code
0812 ;
Abstract
A Network Intrusion Detection System (NIDS) is an alarm system for networks. A NIDS monitors all network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique that assists network administrators in analyzing and reducing the false positive alarms produced by a NIDS. Our technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM), which adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. The GHSOM clusters these alarms in a way that supports network administrators in deciding which alarms are true and which are false. Our empirical results show that the technique is effective on real-world intrusion data.
Pages: 19 / 29
Page count: 11